When the Kanagawa Prefectural Police Headquarters examined the computers of a Chinese group arrested in the case of unauthorized use of smartphone payment services, it was found that information such as IDs and passwords for millions of people was stored in total.

Some of them were from payment services used in Japan, so the police are analyzing the information and investigating the acquisition route.

In the case of unauthorized use of payment services using smartphones and other devices, the Kanagawa Prefectural Police Headquarters has arrested a group of Chinese nationals, including vocational school student Hu Okubo (30), on suspicion of fraud and other charges for illegally logging into another person's account and purchasing products.

In the subsequent investigation, the police examined in detail the personal computers seized from the home of Hu, who is believed to be the group's leaders, and found information such as IDs and passwords for millions of people.

Some of these are payment services used in Japan, and according to investigators, they may have obtained it through "phishing scams" that steal information on fake sites or highly anonymous dark sites on the Internet.

The group is believed to have illegally logged into the account based on this information, and the police will re-arrest Hu on the 1st to analyze the information and investigate the acquisition route.

How do I get a large number of IDs and passwords?

How did they obtain the large amount of information such as IDs and passwords found on their computers?

【Acquisition method 1 Phishing】
According to those involved in the investigation, one of the methods of obtaining it is considered to be a "phishing scam" that directs you to a fake site and makes you enter your ID and password. Send false e-mails to payment service users such as "If you introduce a friend, you will receive points" and direct them to a fake site. It is a method of tricking you into entering your ID and password. According to the Anti-Phishing Council, about 1,1 phishing scams were reported in the past year, an increase of more than 96,44 from adults, the highest ever.

【How to get it 2 Dark Site】
Another possibility is that it was obtained from a dark site with high anonymity on the Internet. We believe that a lot of personal information that has been leaked may be bought and sold, so there is a possibility that data purchased from such sites may be included.

Expert "Written links Don't click easily"

Experts familiar with information security say, "Even if you receive a suspicious email, please check the website of the business operator carefully without clicking the link."

Ritsu Shinoda, president of South Plume, an information security company in Tokyo, points out that the leakage of information such as IDs and passwords is "possible due to 'phishing scams,' hacking of companies, and cases where computers are infected with malware that steals information."

In addition to this, he mentioned the existence of the black market = black market on highly anonymous sites on the Internet, saying, "In some cases, millions or tens of millions of information are being traded at once, and recently there have been confirmed posts selling 1000 million login information that is thought to have been leaked due to a virus." It is said that there are cases where a large amount of information is bought and sold.

On top of that, Shinoda said as a countermeasure for users, "The first measure is not to click on the link written even if you receive an email claiming to be the service you are using. It is also effective to make passwords more complex and change them regularly."